Mail Thread Index

• Date Index

• [FD] [KIS-2014-14] Osclass <= 3.4.2 (Search::setJsonAlert) SQL Injection Vulnerability, Egidio Romano
• [FD] [KIS-2014-15] Osclass <= 3.4.2 (ajax.php) Local File Inclusion Vulnerability, Egidio Romano
• [FD] [KIS-2014-16] Osclass <= 3.4.2 (contact.php) Unrestricted File Upload Vulnerability, Egidio Romano
• [FD] [KIS-2014-17] GetSimple CMS <= 3.3.4 (api.php) XML External Entity Vulnerability, Egidio Romano
• [FD] [KIS-2014-18] Mantis Bug Tracker <= 1.2.17 (ImportXml.php) PHP Code Injection Vulnerability, Egidio Romano
• [FD] [KIS-2014-19] Symantec Web Gateway <= 5.2.1 (restore.php) OS Command Injection Vulnerability, Egidio Romano
• [FD] 31C3 releases: SmartGrid & USB modems, SCADA StrangeLove
• [FD] Windows 8 Privilege Escalation, Allen
• [FD] [The ManageOwnage Series, part X]: 0-day administrator account creation in Desktop Central, Pedro Ribeiro
  • Re: [FD] [The ManageOwnage Series, part X]: 0-day administrator account creation in Desktop Central, Pedro Ribeiro
• [FD] Defense in depth -- the Microsoft way (part 26): "Set Program Access and Computer Defaults" hides applications like Outlook, Stefan Kanthak
• [FD] Mantis BugTracker 1.2.17 - Multiple security vulnerabilities., Popovici, Alejo (LATCO - Buenos Aires)
• [FD] [The ManageOwnage Series, part XI]: Remote code execution in ServiceDesk, Asset Explorer, Support Center and IT360, Pedro Ribeiro
  • Re: [FD] [The ManageOwnage Series, part XI]: Remote code execution in ServiceDesk, Asset Explorer, Support Center and IT360, Pedro Ribeiro
• [FD] ZTE Datacard MF19 0V1.0.0B PCW - Multiple Vulnerabilities, Vulnerability Lab
• [FD] McAfee ePolicy Orchestrator Authenticated XXE and Credential Exposure, Brandon Perry
  • Re: [FD] McAfee ePolicy Orchestrator Authenticated XXE and Credential Exposure, Brandon Perry
    • Re: [FD] McAfee ePolicy Orchestrator Authenticated XXE and Credential Exposure, Tim
• [FD] SQL-Injection in administrative Backend of Sefrengo CMS v.1.6.0, Steffen Rösemann
• [FD] Reflecting XSS vulnerability in CMS Sefrengo v.1.6.0, Steffen Rösemann
• [FD] Reflecting XSS vulnerability in CMS Kajona v. 4.6, Steffen Rösemann
• [FD] Call for papers - BSides Ljubljana - March 12th, 2015 in Ljubljana, Slovenia, Andraz Sraka
• [FD] CVE-2014-9510 - TP-Link TL-WR840N Configuration Import Cross-Site Request Forgery (CSRF), Sean Wright
• [FD] Recon 2015 Call For Papers - June 19 - 21, 2015 - Montreal, Canada, cfp2015
• [FD] Multiple persistent XSS vulnerabilites in CMS BEdita v. 3.4.0, Steffen Rösemann
• [FD] Good for Enterprise Android HTML Injection (CVE-2014-4925), Cláudio André
• [FD] Reflecting XSS vulnerability in CMS e107 v. 1.0.4, Steffen Rösemann
• [FD] [Tool] SPARTA 1.0 BETA, Antonio Quina
• [FD] CVE-2014-9560 Softbb.net SoftBB SQL Injection Security Vulnerability, Jing Wang
• [FD] CVE-2014-9561 Softbb.net SoftBB XSS (Cross-Site Scripting) Security Vulnerability, Jing Wang
• [FD] Facebook Old Generated URLs Still Vulnerable to Open Redirect Attacks & A New Open Redirect Security Vulnerability, Jing Wang
• [FD] Amazon Covert Redirect Based on Kindle Daily Post, Omnivoracious, Car Lust & kindlepost.com omnivoracious.com carlustblog.com Open Redirect, Jing Wang
• [FD] Reflecting XSS vulnerability in CMS Croogo v.2.2.0, Steffen Rösemann
• [FD] Reflecting XSS vulnerability in CMS PHPKit WCMS v. 1.6.6, Steffen Rösemann
• [FD] Wordpress plugin Pods <= 2.4.3 XSS and CSRF vulnerabilities, Pietro Oliva
• [FD] Heroku API Bug Bounty #1 - Persistent Invitation Vulnerability, Vulnerability Lab
• [FD] ZTE Datacard PCW(Telecom MF180) - Multiple Software Vulnerabilities, Vulnerability Lab
• [FD] Heroku API Deep Dive Bug Bounty #3 - Persistent UI Vulnerability, Vulnerability Lab
• [FD] Blitz CMS Community - SQL Injection Web Vulnerability, Vulnerability Lab
• [FD] [RT-SA-2014-015] Cross-site Scripting in Tapatalk Plugin for WoltLab Burning Board 4.0, RedTeam Pentesting GmbH
• [FD] CVE-2014-8870: Arbitrary Redirect in Tapatalk Plugin for WoltLab Burning Board 4.0, RedTeam Pentesting GmbH
• [FD] Corel Software DLL Hijacking, CORE Advisories Team
  • <Possible follow-ups>
  • [FD] Corel Software DLL Hijacking, CORE Advisories Team
  • [FD] Corel Software DLL Hijacking, CORE Security Technologies Advisories-team (jrv)
• [FD] Wordpress Photo Gallery 1.2.7 unauthenticated SQL injection, Brandon Perry
• [FD] XSS Vulnerability in Fork CMS 3.8.3, ITAS Team
• [FD] Snom SIP phones denial of service through HTTP, kapejod@xxxxxxxxxxxxxx
  • Re: [FD] Snom SIP phones denial of service through HTTP, Martin Schuhmacher
    • Re: [FD] Snom SIP phones denial of service through HTTP, Max Mühlbronner
    • Re: [FD] Snom SIP phones denial of service through HTTP, kapejod@xxxxxxxxxxxxxx
      • Re: [FD] Snom SIP phones denial of service through HTTP, Martin Schuhmacher
• [FD] Stored XSS Vulnerability in F5 BIG-IP Application Security Manager, Peter Lapp
• [FD] Lizard Stresser rekt, Robert Cavanaugh
  • Re: [FD] Lizard Stresser rekt, Julius Kivimäki
• [FD] [Corrected] Stored XSS Vulnerability in F5 BIG-IP Application Security Manager, Peter Lapp
• [FD] SQL Injection Vulnerability in Microweber 0.95, ITAS Team
• [FD] MS14-080 CVE-2014-6365 Technical Details Without "Nonsense", Diéyǔ
• [FD] Reflecting XSS vulnerability in filemanager of CMS b2evolution v. 5.2.0, Steffen Rösemann
• [FD] SEC Consult SA-20150113-0 :: Multiple critical vulnerabilities in all snom desktop IP phones, SEC Consult Vulnerability Lab
  • Re: [FD] SEC Consult SA-20150113-0 :: Multiple critical vulnerabilities in all snom desktop IP phones, kapejod@xxxxxxxxxxxxxx
• [FD] SEC Consult SA-20150113-1 :: Privilege Escalation & XSS & Missing Authentication in Ansible Tower, SEC Consult Vulnerability Lab
• [FD] SEC Consult SA-20150113-2 :: Cross-Site Request Forgery in XBMC / Kodi, SEC Consult Vulnerability Lab
• [FD] Foxit MobilePDF v4.4.0 iOS - Multiple Web Vulnerabilities, Vulnerability Lab
• [FD] Sitefinity Enterprise v7.2.53 - Persistent UI Vulnerability, Vulnerability Lab
• [FD] ZTE Datacard PCW(Telecom MF180) - Multiple Vulnerabilities, Vulnerability Lab
• [FD] Sierra Wireless AirCard 760S/762S/763S Mobile Hotspot CRLF Injection, Luke Walker
• [FD] Reflected XSS in Flash files of TechSmith Camtasia 8 & 7, Soroush Dalili
• [FD] MS14-080 CVE-2014-6365 Code, Diéyǔ
• [FD] Alienvault OSSIM/USM Command Execution Vulnerability, Peter Lapp
• [FD] CatBot v0.4.2 (PHP) - SQL Injection Vulnerability, Vulnerability Lab
• [FD] VeryPhoto v3.0 iOS - Command Injection Vulnerability, Vulnerability Lab
• [FD] WiFi File Browser Pro v2.0.8 - Code Execution Vulnerability, Vulnerability Lab
• [FD] File Pro Mini v5.2 iOS - Multiple Web Vulnerabilities, Vulnerability Lab
• [FD] Facebook Bug Bounty #19 - Filter Bypass Web Vulnerability, Vulnerability Lab
• [FD] Pandora FMS v5.1 SP1 - Persistent SNMP Editor Vulnerability, admin@xxxxxxxxxxxxxxxxx
• [FD] McAfee Advanced Threat Defense - Sandbox Fingerprinting & Bypass, David Coomber
• [FD] Reflecting XSS vulnerability in administrative backend of CMS Websitebaker v. 2.8.3 SP3, Steffen Rösemann
• [FD] N-central Remote Support Manager Multiple Vulnerabilities, Thomas Hibbert
• [FD] VLC Media Player 2.1.5 Memory Corruption Vulnerabilities (CVE-2014-9597, CVE-2014-9597), Veysel hataş
• [FD] SPSControl v1.2 iOS - (.spc) Persistent Vulnerability, Vulnerability Lab
• [FD] Banana Dance Wiki CMS b2.x - Multiple Web Vulnerabilities, Vulnerability Lab
• [FD] MSA-2015-01: Wordpress Plugin Pixabay Images Multiple Vulnerabilities, Advisories
• [FD] Barracuda Load Balancer ADC VM multiple vulnerabilities, Cristiano Maruti
• [FD] Hack In Paris 2015 Call For Papers / Call For Trainings, Damien Cauquil
• [FD] vorbis-tools issues, Paris Zoumpouloglou
• [FD] WebGUI 7.10.29 stable version Cross site scripting vulnerability, SECUPENT Research Center
• [FD] Arbitrary File Upload in articleFR CMS 3.0.5, Tien Tran Dinh
• [FD] SQL injection vulnerability in articleFR CMS 3.0.5, Tien Tran Dinh
• [FD] CVE-2015-1169 - CAS Server 3.5.2 allows remote attackers to bypass LDAP authentication via crafted wildcards., J. Tozo
  • Re: [FD] CVE-2015-1169 - CAS Server 3.5.2 allows remote attackers to bypass LDAP authentication via crafted wildcards., Paul B. Henson
• [FD] full name disclosure information leak in google drive, kevin mcsheehan
  • Re: [FD] full name disclosure information leak in google drive, Daniel Miller
    • Re: [FD] full name disclosure information leak in google drive, kevin mcsheehan
      • Re: [FD] full name disclosure information leak in google drive, forgottenpassword
• [FD] SEC Consult SA-20150122-0 :: Multiple critical vulnerabilities in Symantec Data Center Security: Server Advanced (SDCS:SA) & SCSP, SEC Consult Vulnerability Lab
• [FD] Program-O v2.4.6 - Multiple Web Vulnerabilities, Vulnerability Lab
• [FD] PhotoSync 1.1.3 Android - Command Inject Vulnerability, Vulnerability Lab
• [FD] USAA mobile app gives away personal data; fix released, David Longenecker
• [FD] CVE-2014-9558 SmartCMS Multiple SQL Injection Security Vulnerabilities, Jing Wang
• [FD] CVE-2014-9557 SmartCMS Multiple XSS (Cross-Site Scripting) Security Vulnerabilities, Jing Wang
• [FD] Alibaba Taobao, AliExpress, Tmall, Online Electronic Shopping Website XSS & Open Redirect Security Vulnerabilities, Jing Wang
• [FD] Multiple stored/reflecting XSS- and SQLi-vulnerabilities and unrestricted file-upload in ferretCMS v. 1.0.4-alpha, Steffen Rösemann
• [FD] IT Hot Topics 2015 Call for Papers, Squirrel Herder Productions
• [FD] XSS vulnerability in articleFR CMS 3.0.5, Tien Tran Dinh
• [FD] SWFupload 2.5.0 - Cross Frame Scripting (XFS) Vulnerability, Vulnerability Lab
• [FD] Mangallam CMS - SQL Injection Web Vulnerability, Vulnerability Lab
• [FD] [CORE-2015-0002] - Android WiFi-Direct Denial of Service, CORE Advisories Team
• [FD] Barracuda Networks Cloud Series - Filter Bypass Vulnerability, bkm@xxxxxxxxxxxxxxxxx
• [FD] [Call For Papers] Security BSides San Francisco April 2015, BSidesLV
• [FD] [CORE-2015-0003] - FreeBSD Kernel Multiple Vulnerabilities, CORE Advisories Team
• [FD] NEW VMSA-2015-0001 - VMware vCenter Server, ESXi, Workstation, Player, and Fusion updates address resolve security issues, VMware Security Response Center
• [FD] [AMPLIA-ARA100614] OS X Gatekeeper Bypass Vulnerability, Amplia Security Advisories
• [FD] CVE-2015-1042 - Mantis BugTracker 1.2.19 - URL Redirection to Untrusted Site ('Open Redirect'), Popovici, Alejo (LATCO - Buenos Aires)
• [FD] Qualys Security Advisory CVE-2015-0235 - GHOST: glibc gethostbyname buffer overflow, Qualys Security Advisory
  • Re: [FD] Qualys Security Advisory CVE-2015-0235 - GHOST: glibc gethostbyname buffer overflow, Timo Goosen
• [FD] Reflecting XSS vulnerabilities in CMS Saurus v. 4.7 (CE), Steffen Rösemann
• [FD] Wordpress Geo Mashup plugin <= 1.8.2 XSS vulnerability, Paolo Perego
• [FD] [The ManageOwnage Series, part XII]: Multiple vulnerabilities in FailOverServlet (OpManager, AppManager, IT360), Pedro Ribeiro
• [FD] AST-2015-001: File descriptor leak when incompatible codecs are offered, Asterisk Security Team
• [FD] AST-2015-002: Mitigation for libcURL HTTP request injection vulnerability, Asterisk Security Team
• [FD] Vulnerabilities in HP LaserJet, MustLive
• [FD] AirWatch Multiple Direct Object References, Denis Andzakovic
• [FD] Cisco Meraki Systems Manager Multiple Vulnerabilities, Denis Andzakovic
• [FD] Fortinet FortiAuthenticator Multiple Vulnerabilities, Denis Andzakovic
• [FD] Fortinet FortiClient Multiple Vulnerabilities, Denis Andzakovic
• [FD] Fortinet FortiOS Multiple Vulnerabilities, Denis Andzakovic
• [FD] Kaseya BYOD Gateway Multiple Vulnerabilities, Denis Andzakovic
• [FD] Kaseya Browser Android Path Traversal, Denis Andzakovic
• [FD] NEW VMSA-2015-0002 VMware vSphere Data Protection product update addresses a certificate validation vulnerability, VMware Security Response Center
• [FD] Symantec Encryption Management Server < 3.2.0 MP6 - Remote Command Injection, Paul Craig
• [FD] Blubrry PowerPress Security Advisory - XSS Vulnerability - CVE-2015-1385, Onur Yilmaz
• [FD] Facebook Malware that infected more than 110K and still on the rise, Mohammad Reza Faghani
• [FD] Registration open for Rooted CON 2015, omarbv
• [FD] Unrevealed Secrets of MAL-Drone, jack ana